I was asked to attend something in Chicago to help develop this exam. It was a week long thing and I really wanted to do it, but was unable to.

I just got the e-mail inviting me to take the beta exam too. They list an authorized testing center in my city, but when I went to register for the exam, the closest testing center that has it is 400 miles away! They only have 2 days open for it too. I'm not driving 400 miles to take a beta exam.

I'm really annoyed that I can't register to take it at my local testing center.

I was asked to attend something in Chicago to help develop this exam. It was a week long thing and I really wanted to do it, but was unable to.

I just got the e-mail inviting me to take the beta exam too. They list an authorized testing center in my city, but when I went to register for the exam, the closest testing center that has it is 400 miles away! They only have 2 days open for it too. I'm not driving 400 miles to take a beta exam.

I'm really annoyed that I can't register to take it at my local testing center.

Ya it was kinda lame. I would have to drive about 100 miles. Thats not gonna happen. I think I will pass.

10 years of IT with 5 specifically in security, that's one helluva step up from Security+.

Which probably means it won't get recognition with HR for starters and test takers won't take it cause it costs too much, has poor recognition and probably has to be recertified every 3 years. Oh and it's CompTIA and not ISC2. But then I might be a bit pessimistic!

They're trying to compete with CISSP. CISSP requires 5 years of specific security experience. I don't think it will take that long to be recognised because it's CompTIA. They're already recognised for their other certs.

Do you people really think that every cert out there should be for people with no IT experience to take as an attempt to get into IT?

I hate running into people with all sorts of certs but no experience that have no clue what they're talking about or doing.

These kinds of certs have more credibility for those of us that have been in IT for a while. Although I'd still take a CISSP over this one, and I don't see that changing, at least not any time soon. There's no endorsement requirement for this one like the CISSP has. That's one of the things I like about the CISSP, is you have to get an endorsement from someone who already has one, before you can get yours. To me, that makes it mean a lot more.

Do you people really think that every cert out there should be for people with no IT experience to take as an attempt to get into IT?

Of course not. But how many other certs have 10 years experience as a requirement?

I would be cool with just 5 years of related security experience , so that it mirrored the CISSP. I just feel that 10 is a bit much. As is, it dwarfs the CISSP requirements by doubling minimum time requirement.

The target participant is a technical security practitioner with 10 years of experience in IT, and at least 5 years of hands-on information security design and implementation experience at the enterprise level.

If you fit the profile of the target candidate for the CompTIA Advanced Security Practitioner, and you are able to travel to one of the confirmed VUE testing centers, we do hope you will take the exam. The CompTIA exam code for the CASP beta, for registration purposes, is CA1-001.

Let's look at the first quote...

"The target participant" means that they would prefer that someone has that experience, but I didn't read anywhere in those quotes that it's a requirement to take the Beta, much unlike the CISSP. I don't think CompTIA is going to be a stickler on that. If you aren't a target participant, it's not going to stop you from still taking the BETA.

The only security thing I do is maybe assign NTFS permissions and request CA certs from Verisign, to then implement in my Weblogic servers...there were other things that I do that would qualify me taking the CISSP. But I'm not solely an IT Security professional...but I do practice it.

While downloading the objectives so that I can read later (I am not going to let this distract me from my 640 studies), here's another quote from Comptia....

The CompTIA Advanced Security Practitioner (CASP) Certification is a vendor-neutral credential. The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge. While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, ―hands-on‖focus at the enterprise level.

Of course not. But how many other certs have 10 years experience as a requirement?

I would be cool with just 5 years of related security experience , so that it mirrored the CISSP. I just feel that 10 is a bit much. As is, it dwarfs the CISSP requirements by doubling minimum time requirement.

It's 10 years overall IT with 5 years of security experience. As others have already pointed out, it's not a strict requirement, more of a suggestion. You can still take the test without it. They are just saying the test is geared for people with that level of experience. If you go and take it and you don't have that level of experience, you may have a harder time passing it.

That being said, I don't think it's going to be a very good beta test if a bunch of people with no experience go take it and fail. I'm guessing they only sent these invites out to people who already have their Security+ certification, possibly to those who have had it for a few years already, hoping they would fit what they're looking for.

I took the Beta exam last Friday. It just closed out today so my input won't help anyone. It was 92 questions that were more in depth than the CISSP. I went in thinking it would be another easy compTIA cert like the security+ or network+ but it had some good technical questions. I would say if you all ready have the CISSP then this exam won't do much for you but if you have a security+ and you want more of a management cert without getting your CISSP then this is up your alley and is what I think COMPTIA is aiming for.

Sat the CASP today

I went into the exam totally cold and got quite a doozy, especially in comparison to other CompTIA offerings. Overall I was very impressed with this exam.

Thoughts:
Based on my set of questions; I think that this exam is a pretty good gauge of your abilities to function as a well rounded security professional. Without breaking the NDA I will say that some of the questions I got were very technical, some where very focused on management, and a portion was related to network design (which I was very happy to see). There was at least 1 question that I'm certain nobody who hasn't actually 'done it' in the real world will be able to get. I was also happy that while the exam maintained vendor neutrality overall, I did receive questions that had some very useful vendor focused material.

Some of the questions lacked a bit to be desired in the wording category, but that's just about any certification exam. Overall I think this is a pretty good evaluation exam for a 'general security person'. Maybe a system architect, or sys admin. I would be quite impressed if a run of the mill CTO could pass this test without a boot camp or brain dump.

Going in with no study at all I left with a 60/40 feeling as to if I passed. That is to say, not knowing what the pass margin is (some tests are 50%, some are 90%) I felt like I did decently.

Finally I would like to say that all any certification actually validates is that you can pass a test. Maybe even by simple luck. Certs don't make you good, but if you are good certs can help to prove it, and they can also be a good career investment.

Who am I?
I'm brand new to the board so it's fair to ask 'OK, so who the hell are you to give us your opinion?' I have been a software engineer, architect, and/or team lead for a little over 13 years. I have 2 degrees and 2 academic certificates in comp sci & information security. I currently hold about a dozen active certifications including: C|EH, C|HFI, Security+, Linux+, Project+, iNet+, SCJP, SCWCD, [and the list goes on, 'all' of these areas were useful to in my CASP test]. I am not an expert by any stretch of the imagination. I've been around the block a few times and I've taken these types of tests before. So there, that's me.

TechExams.Net is not sponsored by, endorsed
by or affiliated with Cisco Systems, Inc. Cisco®, Cisco Systems®,
CCDA™, CCNA™, CCDP™, CCNP™, CCIE™, CCSI™;
the Cisco Systems logo and the CCIE logo are trademarks or registered
trademarks of Cisco Systems, Inc. in the United States and certain other
countries. All other trademarks, including those of Microsoft, CompTIA, Juniper ISC(2),
and CWNP are trademarks of their respective owners.